An attacker can send an email containing a malicious non-ASCII header which, when replied to, would cause the program to crash, potentially allowing the execution of arbitrary code with the privileges of the user running the software.